* fix facts delegation loop overwrite
partial revert of change to allow facts to be present in each loop iteration
was not needed in final results as result processing alreayd had the disctiontion
and ended up breaking the assumptions in the calling code.
fixes#76676
* play_context, compensate for existing plugins
some connection plugins are not fully using the correct configuration,
but this was previously hidden from them as play_context was providing
the info instead, now play_context provides the 'correct' info, but hitting
these bad configurations.
* ansible-galaxy collection install|verify:
- Support verifying the origin of the MANIFEST.json when the Galaxy server has provided signatures.
- Allow supplemental signatures to use during verification on the CLI/requirements file.
* ansible-galaxy collection install:
- Support disabling signature verification. This silences the warning provided by ansible-galaxy if the Galaxy server provided signatures it cannot use because no keyring is configured.
- Store Galaxy server metadata alongside installed collections for provenance. This is used by 'ansible-galaxy collection verify --offline'.
* Add unit tests for method that gets signatures from a Galaxy server
* Add integration tests for user-provided signature sources
- Test CLI option combinations
- Test installing collections with valid/invalid signature sources
- Test disabling GPG verification when installing collections
- Test verifying collections with valid/invalid signature sources
* Make signature verification advisory-by-default if signatures are provided by the Galaxy server
- Make the default keyring None
- Warn if the keyring is None but the Galaxy server provided signatures
- Error if the keyring is None but the user supplied signatures
- Error if the keyring is not None but is invalid
* changelog
* add ansible-galaxy user documentation for new options
Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
Co-authored-by: Andy Mott <amott@redhat.com>
Co-authored-by: John R Barker <john@johnrbarker.com>
* Return rc=0 on success.
Error handling in playbooks generally expects `rc` to be set to 0 when a module has not failed. Playbook authors should not have to check for the existence of `rc` first.
* Use single definition and added changelog
* Fix up tests with new return value
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* add DebianStrategy tests
* ensure hostname can be changed by using become
* use Systemd strat for debian and Base for generic.
* add test to ensure all strategies are available
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
avoid polluting vars with incorrect settings
simplify variables and templars
- variables, original, only updated with final results, reset are copies of this
- tempvars used for preliminary templating
- cvars used for connection/shell/become plugins, delegation aware
- vars_copy ignore tempvars updates and use connection plugin to get
finalized version per loop item/delegation, also used to store temp results
till we are ready to update 'variables'
- fine tune nolog just cause we are here
- also fix inventory_hostname_short for IP addresses
git module now uses env vars exclusively
- updated docs to clarify usage
- now env vars append instead of overwrite to allow existing custom setups to keep working
fixes#38104, #64673, #64674
- added note for hostkeychecking more securely
fixes#69846
- keep script cause old versions still choke on env
- env var cannot hold more than 'command' for older versions
- all ssh_opts in one place
ssh plugin, use 'correct' information source in all cases
* still fallback to pc
* added inventory to new test
* undef var can still show as parser error on pc
now task_exectuer has a more accurate error handling
* ansible-test - Use relative paths in junit output.
Also fix a traceback in the junit callback during automatic fact gathering.
* ansible-test - Handle out-of-tree JUnit paths.
* updated tests to conform to new block inheritance
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* minor refactor in other options by pushing common code into functions
* consolidate coll_filter
* more normalizing loader
* dont pass plugin_loader, its global import
* Also dump roles and collections
* adjusted tests to new err msg
* disable namespace filter (unused)
* Make include_role/include_tasks work with any_errors_fatal v2
Fixes#50897
Co-authored-by: Matt Martz <matt@sivel.net>
* Add failed to results in free strategy too
* Fix
* Avoid duplicating results
* ci_complete
Co-authored-by: Matt Martz <matt@sivel.net>
* allow inputting 0 for password_expire_{min|max}
0 is meaningful for min days (any time)
0 is technically valid for max_days
* add test for setting both min and max expiry
* [0] return result of execute_command from set_password_expire*
* [1] better return for set_password_expire
* [2] handle returns from set_password_expire*
* only set password expiry if user exists
* collect return-handling code
* combine password min and max into one execution
* handle case where spwd is not present like on macOS and FreeBSD
Co-authored-by: Sam Doran <sdoran@redhat.com>
* config, moved 'choices' from wall of text, to keys
* updated to ensure all pythons handle the 2 modes correctly
* Update lib/ansible/config/base.yml
Co-authored-by: Sandra McCann <samccann@redhat.com>
* go back to keyword being explicit for plugin configs instead of using option name as implicit match
* switch spec to singular, no changes needed since no one used
* Don't send full task with async callback events. Fixes#76729
* Use args for async_status task, instead of k=v
* Make sure we send back the async task attrs for polling
* Add clog frag
* load is a staticmethod
* include_vars initialize failed
if source dir is given, but not present and traversal is empty you
can end up trying to access failed w/o it ever being defined.
also future proof for more corner cases in decision tree
dont display _terms or _intput on only changed
those always change and it expected for the plugins that support them
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
- Avoids false positives on become strings being echoed back
by ssh cli itself
- added test for debug lines
- also simplified some of existing test code
modules with python were always normalized to /usr/bin/python,
while other interpreters could have specific versions.
* now shebang is always constructed by get_shebang and args are preserved
* only update shebang if interpreter changed
* updated test expectation
* added python shebang test
* ansible-galaxy - fix the --ignore-certs flag for the implicit galaxy server
* changelog
* Add a test without the server config
* Fix respecting --ignore-certs for individual --server URLs also
* Update changelogs/fragments/76735-ansible-galaxy-fix-ignore-certs.yaml
This adds the ability to specify a package version using >=. This will ensure the package is at the specified version or above.
* If the package is not installed, the latest version will be installed.
* If the package is installed and less than the specified version, it will be upgraded.
* If the package is installed and greater than or equal to the specified version, it will be left alone.
The version selection is handled by Apt itself, so things like the system policy, pinning, etc, are considered.
* Add additional tests for check_mode with shell/command/script
* update check_mode documentation: if a module/action is not skipped in check mode and accurately reflects whether a change is made to the remote support should be 'full'
* Make reporting skipped in check mode mutually exclusive with 'changed: True'
* Add missing documented attributes
* Fix tests to expect skipped=True and changed=True do not occur together
* Fix script check_mode support documentation
* Fix earlier changelog
* document platforms attribute
* Use tasks's check mode since the value from PlayContext does not reflect loop items
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
'dscl -list' returns 0 even if the user does not exists. This
leads to errorenous condition in user module.
Using 'dscl -read UniqueID' can return if user exists or not.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Ensure the version is valid for directories and collections in git repos before installing
Fix the error message for invalid semantic versions
* Make requested changes
* Add a test case for unhandled ValueError exception
* Add changelog
* Update lib/ansible/galaxy/collection/galaxy_api_proxy.py
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Reword error message
Include link to learn how to compose a semver version
* Move version validation into the caller, find_matches
* Add tests for more invalid version types
* Remove unused import
Fix raising unexpected error
* Update lib/ansible/galaxy/collection/__init__.py
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Update lib/ansible/galaxy/dependency_resolution/providers.py
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Update lib/ansible/galaxy/dependency_resolution/providers.py
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* fixes#28977
* Include the original error message when pick_handler fails
* Add a test to unarchive a tar file with an invalid extra option
* add a changelog
* check if service is indirect status / add integration test
* Update changelogs/fragments/76453-indirect-systemd-status.yml
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* simplify indirect check / remove integration test restriction on rhel9
* add dummy indirect service for integration tests
* unarchive: fix non-english locales
For GNU Gettext, the LANGUAGE environment variable takes precedence over LANG or LC_ALL. On systems where LANGUAGE was set to a non-english locale, the output of the tar command therefore not understood and the module failed silently ("changed": false, but the archive was not extracted).
* add tests
* changelog
* check finder type before passing path
ci_complete
* Reduce nesting
* Test find_module does not cause a traceback with Python 3 FileFinder
* Update lib/ansible/utils/collection_loader/_collection_finder.py
Filter out the /usr/bin/pkg because on Altlinux it is actually the
perl-Package (not Solaris package manager).
Since the pkg5 takes precedence over apt, this workaround is
required to select the suitable package manager on Altlinux.
* catch the case that cowsay is broken
fixes https://github.com/ansible/ansible/issues/72582
add changelog
raise Exception for broken cowsay
add test for broken cowsay
Co-authored-by: Matthias Bernt <m.bernt@ufz.de>
* reset defaults for json filters
these had change on unification of json parsing/dumping
now they behave like before, but are still controllable by user.
* Implement find_spec and exec_module to remove reliance on deprecated methods in the collection loader
ci_complete
* Move module execution to exec_module
Remove extra sys.modules handling
Use default module initialization by returning None from loader.create_module
Refactor
ci_complete
* Remove ansible-test's copy of the collection loader
ci_complete
* Fix metaclass for Python 2.x
ci_complete
* Fix Py2/Py3 syntax compatibility
* Refactor
ci_complete
* update collection_loader comments
ci_complete
* simplify find_module
ci_complete
* Fix Py2 compatibility - don't get loader from nonexistent spec
Remove unnecessary PY3 checking
* Refactor common code in load_module and exec_module
ci_complete
* tidy diff
ci_complete
* Include collection_loader in target paths for 'compile' sanity test
* add changelog
* Add "return None" instead of doing it implicitly
Remove get_filename
short-circuit exec_module if it's a redirect
ci_complete
* Add changelog fragment and integration tests
* Break up function signature into multiple lines
It passed the 160 character width. Change it to multi-line for easier reading
and better diffs in the future.
* Remove unused import
* Update version added for new feature
* Move changelog fragment to correct location
Co-authored-by: Thomas Stähle <thomas.staehle@check24.de>
Co-authored-by: Sam Doran <sdoran@redhat.com>
* First pass of adding yaml result format output to default callback
* Add clog frag
* flow style always false
* Further normalization of results across distros
* no lossy, now pretty
* Fix env var in runme.sh
* Rename variable to better self document
* include NativeJinjaUnsafeText
* Linting cleanup
* Add tests specific to the prior yaml callback
* Make data munging more exact, following the checks in libyaml/pyyaml
* Remove unused import
* Extend comment
* more correct and some comments
* Fix consistency of tab vs space in this section of the file
* Add str representer
* be cooler
* faster character filtering
* Clarify None as a sentinel for default behavior
* Flip filtering logic to avoid CRLF issues with 'space break' filtering
* Py3 change and comment about the use of __call__
Co-authored-by: Matt Davis <mrd@redhat.com>
- On Python 3, decode bytes to str
- Tolerate whitespace around the line.
- Report a missing HOSTNAME line as an error.
- Don't clobber line separators when setting a new hostname.
- Add some tests for this strategy to verify correct operation.
* Skip recursive suboption validation if sub_parameters is not a dictionary
* Ensure sub parameter elements is a sequence to prevent iterating over string characters and causing duplicate error messages for the same param
* Try to find any valid vault id before raising an exception
* Apply the same logic during vault password file loading
* Also. Improve the warning msg and tests
When we introduced an include parameter to the unarchive module, we
inadvertenly flipped the exclusion logic. This flip meant that the
unarchive module started rejecting files that should be extracted.
This commit flips the bad logic and adds some tests that will make
sure things do not go bad again.
* Use NativeEnvironment for all templating
ci_complete
* Keep Templar.copy_with_new_env for backwards compat
* Mention that AnsibleUndefined.__repr__ changed in the porting guide
* Templar.copy_with_new_env backwards compat
* ci_complete
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Davis <mrd@redhat.com>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Prepend the task name to the warning "The loop variable 'item' is
already in use", so that you can get some context even if stdout and
stderr go to separate places.
* Use the task dependency chain to compile the role instead of the parent role's _parents list
* keep existing role inheritance, but limit it to roles in the current task dependency chain
* Test getting role parents recursively by using the current task dependency chain
* changelog
* download role from api response location
* include changelog fragment
* add unit test for role download url
Co-authored-by: Sam Doran <sdoran@redhat.com>
* ansible-galaxy: Clone git collections using shallow clones
This ensures the collection obtained via git url is a result of a
shallow git clone (git clone --depth=1). The git history of the
collection is not used by ansible, and as such, cloning the entire
history of the repo is unnecessary.
Signed-off-by: Tomas Babej <tomas@tbabej.com>
* ansible-galaxy: Only perform shallow clones on non-versioned git urls
In general, the version can be anything we can checkout (branch, tag,
but also a commit hash). In particular for commit hashes we cannot
perform a shallow clone.
Err on the safe side and only perform shallow clones for non-versioned
git urls (cloning HEAD).
* galaxy-install: Make shallow cloning compatible with older Python versions
Signed-off-by: Tomas Babej <tomas@tbabej.com>
* Pass args as a tuple
Add tests for the git command created from different repo and version combinations
* changelog
Co-authored-by: Tomas Babej <tomas@tbabej.com>
* add tests for fail filter
also tests that fail does not block inspectability
* add fail filter
fallback message is a bit clunky,
since you can't invoke a filter without specifying an input.
That is, "{{ fail }}" doesn't work,
so you have to do "{{ None | fail }}"
* document 'fail' filter
* add changelog fragment
* fail filter uses default message on Undefined or emptystring
makes it slightly easier to use the default message:
```diff
- "{{ None | fail }}"
+ "{{ '' | fail }}"
```
and the user sees a slightly more relevant message
if the message itself is undefined:
```diff
- The error was: {{ failmsg | fail }}: 'failmsg' is undefined
+ The error was: {{ failmsg | fail }}: Mandatory variable has not been overridden
```
* rebuild as the builtin `Undefined`
* harmonise `hint` parameter for make_undefined with jinja
* use code block for documentation item
[ref](https://github.com/ansible/ansible/pull/75435#discussion_r707661035)
* rename to `undef` to expose less Python into the Jinja
[ref](https://github.com/ansible/ansible/pull/75435#pullrequestreview-757799031)
* explicitly instantiate undefined value now that it's possible
see I knew we would break something with reflection
* preserve test coverage of undefined variable
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
Change:
- Remove only user-facing use of ANSIBLE_ASYNC_DIR.
- Remove two comments saying to change things that, apparently, we
aren't going to change...
Test Plan:
- ci_complete
Tickets:
- Fixes#74139
- Fixes#74138
- Refs #74226
Signed-off-by: Rick Elrod <rick@elrod.me>
* Enable ansible-galaxy to specify client id override with Keycloak Token
* Specify ability to provide override of client_id
* Test client_id can be configured for individual servers
* Add issue link to changelog
* Document client_id as a config option and add an example
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
* apt module: add option to allow package downgrades
* Add new option to module so users don't have to force downgrades which
is insecure and dangerous
* Add integration tests similar to upgrade integration tests
* Changelog
* Update changelog fragment
* Update changelogs/fragments/74852-apt-allow-downgrade.yaml
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update lib/ansible/modules/apt.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update lib/ansible/modules/apt.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
Co-authored-by: Amin Vakil <info@aminvakil.com>
* ensure dump produces json
* clog and tests
* remove library additions since they are not usable
* avoid any/all dirs
* ensure we dont use local dir as playbookdir
* If an exception occurs when getting a collection's metadata, continue to the next in the server list.
* Warn for unknown exceptions when finding versions of a collection
* Test that an invalid server is no longer fatal if a subsequent server has the collection
* Fix server for verify tests - compare checksums against the server from which it was installed
* Add tests for verify and fix that code path to mirror install/download behavior for server errors
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* pip - Use pip from the current Python interpreter.
If `executable` and `virtualenv` were not specified, and
the `pip` Python module is available for the current interpreter,
use that `pip` module instead of searching for a `pip` command.
* Add comment about needing `__main__` to run `pip`.
* Fix unit test.
* Add porting guide entry.
* Update changelog to match porting guide description.
ci_complete
* Make individual dirs that should exist instead of using shutil.copytree
* Test build_ignore when installing collections in git repos
* changelog
* Fix assertion
Fix git directory
* Fix nested content while building the collection dir
Test installing a collection from a git repo and artifact have the same result
Refactor to use variables
* Support templating _from_files with --extra-vars for imported roles
* Add tests for templating the filenames for import_role, import_playbook, and import_tasks
* Add documentation
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
* Test a passlib wrapped algo with a password lookup
* Fix error when passlib is used with a wrapped algo
The exception was:
An unhandled exception occurred while running the lookup plugin 'password'.
Error was a <class 'TypeError'>, original message: issubclass() arg 1 must be a class
and can be reproduced using the following command:
ansible localhost -i localhost, -mdebug -amsg="{{ lookup('password', '/dev/null encrypt=ldap_sha512_crypt') }}"
The concerned algo are: bsd_nthash, django_argon2, django_bcrypt, ldap_bcrypt,
ldap_bsdi_crypt, ldap_des_crypt, ldap_hex_md5, ldap_hex_sha1, ldap_md5_crypt,
ldap_pbkdf2_sha1, ldap_pbkdf2_sha256, ldap_pbkdf2_sha512, ldap_sha1_crypt,
ldap_sha256_crypt, ldap_sha512_crypt, roundup_plaintext
* allow vars_files to use dwim (vars/) and vaults
* also fixed bug with temp file cleanup, some pythons dont like it when you alter loop
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Rather than adding further complexity to the regex, preprocess the output to
remove any empty lines. Now the only purpose of the regex is to fix
wrapped lines.
Fixes#70949
* avoid getting delegated vars w/o inventory host
fixes#75512
In the case of imports, we don't have a host, so getting host vars for
the delegated host makes no sense and should be avoided.
* also avoid error on vars_files with per host vars
* test
* testing given case
* oops
* add 'file options' for become and connection pass
* implemented getting passwords from file or script
* added config entry
* fixed env var name and noted executable behaviuor
Co-authored-by: Rick Elrod <rick@elrod.me>
* Add new comment attribute to template plugin
Add comment_start_string and comment_end_string attribute to template
plugin
Co-authored-by: Hossein Zolfi <h.zolfi@inside.sahab.ir>
* user - Remove unused code.
* Replace deprecated abstractproperty decorator.
* Fix __all__ to be a tuple.
* Use a generator in subelements lookup.
* Use from import in basic.py
* Add changelog fragment.
* Fix selinux unit test.
* Improve error for InconsistentCandidate exceptions
* Add test case for installing a collection with an inconsistent version
* Add test case for installing a collection that has a dependency with an inconsistent version
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
* Add basic schema for attributes.
* Support attributes for version_added_collection adding mechanism.
* Add changelog fragment.
* Support new attribute properties from #74331.
* Require additional properties strictly.
* Fix a bug with the dnf module not using all components of a package name when filtering to determine if it's installed
* changelog
* Simplify splitting on the last '.'
* Update lib/ansible/modules/dnf.py
Push /usr/bin/python to almost the bottom of the barrel. This makes the strategy to prefer
specific versions of the "mystery meat" version.
* Change INTERPRETER_PYTHON default to 'auto'
Change description to match change in behavior.
Change deprecation message to a warning.
* Update docs
* Add porting guide entry
* Update unit tests
* Update integration test
* Allow INTERPRETER_PYTHON_FALLBACK to be configure using a variable
* Prefer platform-python above other Python 2 interpreters
* Add Python 3.10 to the list of interpreters
* Make undefined variables in handler names non-fatal if the handler is not used
* If the handler has no way to be notified (i.e. the name can't be templated and the handler has no listen topics), display a warning
* Add tests for variables in handler names
* changelog
* Fix when evaluation on Native Jinja and Python 3.10
* Add unit test
* Add explaining comment
* Enable jinja2_native before tests
Co-Authored-By: Matt Martz <matt@sivel.net>
* Sanity
* Return native template module instead of modifying globals
Co-authored-by: Matt Martz <matt@sivel.net>
* modules moved to use best_parsable_locale
* fixed invocations
* better better
* also module_utils
* converted to function as per fb
* patch testt
* whitespace
* set host_key_checking check to False, rather than if not (which captures False and None)
* add host_key_checking default to ssh.py / update documentation
* Canonicalize module_defaults actions and action_groups pre-fork and cache them on the play
* Call get_action_args_with_defaults with the resolved FQCN plugin and don't pass the redirect list
* Add validation for action_group metadata and a toggle to disable the warnings
* Handle groups recursively referring to each other
* Remove special-casing for non-fqcn actions in module_defaults groups
* Error for actions and groups in module_defaults that can't be resolved
* Error for fully templated module_defaults
* Add integration tests for action_groups
* Changelog
Since the task and connection both have the same 'retries' keyword, the task default
would override the connection value.
Do not pass 'retries' from the task to the connection options.
* Set ssh_connection retries default value back to 0
It was 0 before the move to config and was changed to 3 by accident.
* module_common - handle cache directory creation collision
Occasionally multiple workers can try to create the cache directory if it exists. Catch the exception
and handle it.
* Just re-raise if it doesn't exist rather than trying again
* Use exists_ok rather than handling an exception
* Remove unused import and unused variable
* Go back to try/except but with OSError
Since we do not have split controller remote, this needs to be able to run in Python 2 in order
to be merged currently.
* The resolved_action is the formatted version of the final plugin in the PluginLoadContext's redirect_list
* Collection plugins are represented as FQCN
* Legacy plugins are represented with only the plugin name
* Add tests
* Changelog
* Fix struture of cli/doc.py snippet code.
A couple releases ago, cli/doc.py was modified to mostly conform to the
data processing pipeline steps. format_plugin_doc() was the biggest
exception in that refactor. When the snippet code was made generic
instead of being only for modules, the new code should have conformed to
the data processing pipeline too.
* Move the decision to output a snippet to the run() method alongside
the decision to output a listing versus plugin_docs.
* Move the test for invalid plugin_types to the run() method as it
affects all snippets in this run, not just a single snippet. (-t can
only be specified once)
* Rename get_snippet_text() to format_snippet() as:
* This is the data formatting step
* The format_snippet() name matches with its conceptual sibling,
format_plugin_doc().
* Use ValueError inside of format_snippet() to flag unrecoverable errors
formatting a single snippet.
* Emit a warning when format_snippet() raises ValueError and continue to
the next snippet.
* If the yaml(?) or toml inventory plugin is specified for snippet output,
raise ValueError() so that the user sees a warning instead of simply
seeing blank output.
* Do not modify arguments passed into format_snippet(). This is the
formatting step so data should not be modified.
* Change _do_yaml_snippet() and _do_lookup_snippet() to operate side
effect free.
* Fix raising of exceptions when formatting requred options for snippets.
* Unrelated: Use to_text() instead of to_native when calling
display.warning(). to_native() is used for raising exceptions. Not
for display methods.
* Add a changelog
specially for when you have parameters in unicode but need
to scrape responses, C is still the fallback
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Can now specify plugin/plugin type for list and dump actions
New 'init' action to create usable config sources
Co-authored-by: Felix Fontein <felix@fontein.de>
* Change tests to pytest-style tests
* Add tests for invalid hosts
* Validate host inputs
- check for empty values
- check for None
- check for values that are not a sequence and are not strings
- add unit tests
* Move play name setting to get_name() and out of load()
* Add _validate_hosts() method
By defining this method, it gets called automatically by FieldAttributeBase.validate().
* Improve the error handling code
Rather than multiple return paths, have a single return and set the message based
on the type of failure.
* Add another test for non-specific failures
* Reorganize tests so failure tests are in one tasks file
* Remove os.stat() call and add changelog
* Remove use of _remote_checksum from fetch module
* Add deprecation message displayed during runtime
* Increase test coverage for fetch
* Add tests covering the use of stat from the fetch module
This required creating an unpriveleged user account and connecting as that user remotely since
it is not possible to create a file that the root user cannot stat.
* Use fact caching to persist remote tmp dir across playbook runs
* Add variables to setup_remote_tmp test role to allow caching of the remote temp dir fact
and preventing removal of the remote_tmp_dir
* subversion - set LC_ALL for accurate command output parsing
When LC_ALL is not set, the output language of commands will differ based on locale. There
is a lot of history of trying to fix this. See the following pull requests:
https://github.com/ansible/ansible-modules-core/pull/4358https://github.com/ansible/ansible-modules-core/pull/4358
This patch attempts to fix this my setting LC_ALL to a UTF-8 locale. Setting LC_ALL to C reintroduces this bug https://github.com/ansible/ansible-modules-core/issues/4178.
I'm sure there are some problems I am not seeing with setting this to en_US.UTF-8, but that is
the only way I could find to fix this bug without reintriducing the bug mentioned above.
* Rather than setting locale, just check for matches before trying to get groups
This is a pragmatic solution to avoid the stack trace since setting the locale correctly
to ensure message parsing is accurate is problematic.
* Improve regexps for finding revision and URL
Since moving to distro, it is possible to return this information for all platforms, not just Linux.
Also return version information for all platfrom not just Linux.
Update unit tests.
Remove some duplicate unit tests though I think there are more to remove.
* Fix docstring formatting
* Minor docstring changes
* Mock distro.id for Solaris service test
* Update comment
Test for the required binaries in the can_handle_archive() method and fail there. This
prevents failures for missing binaries unrelated to the archive type.
* Update missing zip binary message to match tar message
* Update unit tests
* Add integration tests
* Define packages based on the system rather than ignoring failures
* minor service_mgr facts fixes
handle case in which ps command fails or returns empty
updated tests since it now does keep trying to detect after ps fails
cli options will now display either use provided info, or automating from the name
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
- remove need for module (at least for posix side)
- adds retry with backoff on fetching file, since
race is bigger since we don't spend time on module
- now gives more info on fail
- also made actionfail/skip handle results if given
* rebased with upstream
* removed extra usetty as it wasnt needed, style changes, added var option setable by inventory for pkcs11
* update pkcs11_provider version_added
* Update lib/ansible/plugins/connection/ssh.py
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* Update lib/ansible/plugins/connection/ssh.py
Correct logic for a password being required for pkcs11_provider
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* style nit fixes for checking pkcs11_provider is set
* fixed duplication when using password_prompt with pkcs11_provider
* added changelog fragment
* added changelog fragment
Co-authored-by: David Whiteside <david.whiteside@nrel.gov>
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
base._update_security_filters is a private attribute of DNF used
as performance optimization. Modification or even call from outside
of DNF is against all recommendation including PEP8.
* Improve compatibility with all DNF versions
* Add changelog fragment for dnf security change
* Add resiliency to linux hw fact gathering
Now traps unexpected exceptions on mounts and continues
gathiering other info.
Also gives more info on why mount info gathering failed.
more info if debugging
* Fix module-specific defaults in the gather_facts, package, and service action plugins.
* Handle ansible.legacy actions better in get_action_args_with_defaults
* Add tests for each action plugin
* Changelog
Fixes#72918
Change:
- Make strategies behave consistently and return the empty string
instead of "UNKNOWN" (or "temporarystub") for the "before" value if
the permanent hostname file does not exist or could not be read.
- Switch to `with open()` instead of annoying exception handling code
(which was wrong and leaked file handles in several places). This
drops Python 2.4 support for this module.
- Updated porting guide since users could be relying on these former,
inconsistent values.
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Hostname strategies' get_*() methods should never write to the
filesystem. They are used in check_mode by default to determine if
there is any work to be done.
Test Plan:
- New unit tests to ensure that (at least when in check_mode) the get
methods don't ever call write.
Tickets:
- Fixes#66432
Signed-off-by: Rick Elrod <rick@elrod.me>
* Don't mutate os.environ in AnsibleModule.run_command, make a copy, and pass to Popen. Fixes#74783
* Simplify code a bit
* More simple
* Address some other potentially non threadsafe operations
* Add if around umask
* Address unit test assumptions
* Add clog frag
* yaml syntax issue
service module acts as proxy module for all service manager modules,
just like `package` module.
This is helpful in heterogeneous environments to manage services.
Fixes: #74507
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* docs: Update Python 2 doc links
Update links from Python 2 to Python 3
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* use docs.python.com/3/ everywhere, except onethat should remain 2.6
* refer to python 3 in module docs and comments
* format two python docs links as list
* updates links in unwanted.py test file
* per matt clay, this should link to python 2
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
When an empty value is provided, no `version` attribute will exist on the `LooseVersion` or
`StrictVersion` object. We catch and handle this, but it's not immediatebly clear that an
AttributeError means an empty value was provided.
Specifically handle the case where value or version are empty and add more
helpful error messages.
Add integration tests.
* Remove PyCrypto from setup.py and packaging script
* Remove mention of pycrpto from installation docs
* Remove PyCrypto from vault
* Remove pycryto constraint and unit test requirement
* Remove PyCrypto tests from unit tests
* Add docs and fix warning message
* Remove section about cryptography library in Ansible Vault docs
* Only remove crontabs if they are empty
* Add integration test to ensure system cron tab doesn't get removed. Increase cron integration tests separation.
* Also detect crontab which only contains whitespace as empty.
* cron integration test: Adjust system crontab path to be distribution specific.
Co-authored-by: Fabian Klemp <fabian.klemp@elara-gmbh.de>
* Update to six 1.16.0
* Address linting issues
* Remove six find_spex/exec_module warning filters
* Remove unnecessary comment about Py2.6, 2.13 will not support Py2.6, and we're bumping this for 2.12
* ci_complete
* Add changelog fragment
* Add constraint for MarkupSafe
MarkupSafe >= 2.0.0 requires Python >= 3.6.0. Add a constraint for older Python versions
and fix the `groupby_filter` test.
* Fix template_jinja2_latest test.
* patch filter decorators on newer Jinja2
* Jinja2 >= 3.0 renames several filter decorators used by Ansible itself, as well as by filters in collections. This patch ensures that the old names are usable within Ansible and by collections without warnings or errors.
* Ignore docs-build issues.
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Davis <mrd@redhat.com>
While logging, journal.send accepts module parameters.
If module parameters similar to arguments in journal.send,
rename the parameter names before sending to journal.send
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fix: action _fixup_perms2 macos +a remote_paths in list() as it can be tuple
in `lib/ansible/plugin/action/__init__.py`'s `_fixup_perms2`,
`remote_paths` can be a list or tuple. however, the macos
specific attempt to use chmod +a attempts to concatenate
`remote_paths` with a list, which will fail if it is a tuple.
wrapping `remote_paths` in `list()` fixes this error.
* Update changelogs/fragments/74613-actionfixup_perms2_macos_remote_paths_ensure_list.yml
Co-authored-by: Rick Elrod <rick@elrod.me>
* support separate role argspec file in ansible-doc
* support separate role argspec file in ansible-core
* support both .yml and .yaml extensions on argspec file in ansible-doc
* fix filename building bug and rename some argspec files to test variations
* use yaml extensions from constants
* add superfluous meta/main.yml files to tests
* Update lib/ansible/cli/doc.py
Co-authored-by: Sam Doran <sdoran@redhat.com>
* update docs
* ci_complete
* add changelog and allow for main.yml variations
* add collection role testing
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Get available collection versions with page_size=100 for v2 and limit=100 for v3
* Update unit tests for larger page sizes
* Add a generic retry decorator in module_utils/api.py that accepts an Iterable of delays and a callable to determine if an exception inheriting from Exception should be retried
* Use the new decorator to handle Galaxy API rate limiting
* Add unit tests for new retry decorator
* Preserve the decorated function's metadata with functools.wraps
Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Always use create_homedir when we are asked to create a home directory
in the User class. Don't use the -m and -k parameters from
useradd / luseradd as they behave differently with respect to
preexisting home directories. Instead always specify -M to ensure
that useradd / luseradd do not try to create the home directory.
This does not change potential different behaviours in child classes
of the User class.
Consider the new umask option from #73821 in create_homedir as well as
we do not let luseradd / useradd create the home directory any longer.
From the sha512sum man page:
... The default mode is to print a line with checksum, a character indicating type ('*' for binary, ' ' for text), and name for each FILE.
The distutils module is not shipped with SUNWPython on Solaris.
It's in the SUNWPython-devel package. Do not use LooseVersion.
Fixes: #74488
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* removal of deprecations and minor fix
name or cron_file is required.
reboot was removed.
updated docs to clarify usage.
now using cron_file=/etc/crontab is an error
fixes#37355
* warn show pathing issues when wallking through provided paths
moved issues from msg to actual warnings AND a specific return field
fixes#25314
Co-authored-by: Sam Doran <sdoran@redhat.com>
* pause - ensure control characters are always set appropriately
On some systems, curses.tigetstr() returns None, which does not work as a control character.
* Add unit tests
* Sort imports
* Skip on older Python
This is an action plugin and only runs on the controller, so no need to test of Python 2. Making
the import hackery work on Python 2 would required some more work which I am not sure is
worth it since we are moving away from Python 2 support on the controller.
* Make the tests work on Python 2 and 3
Document that systemd module manages units (timers, services, ...) and not only service. (#74442)
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
* Fix section for inventory cache prefix
* Redirect general config inventory cache options to inventory plugin documentation
* Update the template to fix the docs-build error
* removes 'default' entries for config settings with default: ''
* single backticks => italics, double backticks => code
* use 'Default: ~' to match other entries that have no default setting
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Change:
- After we output the newline in help text, we also added a space. This
caused either a space to show up before the shell prompt (in shells
like bash), or " %" and a newline before the next prompt on shells
like zsh that automatically force commands to end with a newline.
- This change removes the extra space, so that peace can be restored in
the minds of many.
- This only showed up when running commands with no arguments or invalid
arguments.
Test Plan:
- Ran `ansible`, `ansible -h`, `ansible-playbook`, `ansible-galaxy`, and
`ansible-galaxy -h`.
Tickets:
- Introduced in #69458
Signed-off-by: Rick Elrod <rick@elrod.me>
* dont specify default for port, allow ssh/config
also added general note on how defaults work.
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Not all GnuPG return codes were analyzed (rc != 0) and not all relevant GnuPG error information was returned by the 'ansible.builtin.apt_key' module (https://github.com/ansible/ansible/issues/74477)
* Update changelogs/fragments/74478-apt_key-gpg-error-check.yaml
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Fix BaseFileCacheModule#keys to respect prefix
Change:
- Previously BaseFileCacheModule#keys would return keys with the cache
prefix. These keys are impossible to retrieve from the cache without
removing the prefix or using the cache without a prefix.
Now it removes the prefix from the key and only returns keys that
share the same prefix as the cache.
Test Plan:
- New unit tests
* Add explicit BaseFileCacheModule#keys test
Test that files that do not match the cache prefix are ignored.
Test that the prefix is removed from the cache key.
* dont rely on vars, task already gives us info
* ensure we always display delegation in host label
* also added parens with ansible_host to show target host vs resolved host
* delegating to self is not delegating
* delegated vars restoration for backwards compat
* tests need mock task with delegate_to
* correctly parse device from string
* check for command presence before running them
* check for command presence and return code for solaris and aix as well
* add changelog
Change:
- Instead of returning the `str` type, return the value that was
calculated.
Test Plan:
- New unit tests.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Fix world readable setting
now uses shell option in all cases, the old constant still exists
as 'documentation' but it not settable.
also fix the docsite link in warnings/errors
* fix typose#
* fix comment#
* added deprecated to config
* missing :
* import cleanup
Fixes#74255
* Fix call to 'unique(case_sensitive=False)' triggering error when falling back to Ansible's version which **is** case-sensitive
* Test multiple situations of 'unique' filter errors with fallback not handling specific parameters
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Rick Elrod <rick@elrod.me>
Homebrew's default install location for macOS on ARM is /opt/homebrew.
Source: https://docs.brew.sh/FAQ
On a Mac M1 (Apple Silicon), homebrew will be installed at
/opt/homebrew/bin/brew.
* Add yaml utils file and use it
* Linting fix and missing import
* Abstract a few more details
* Parser imports
* Don't use CSafeDumper in AnsibleDumper
* Move and use convert_yaml_objects_to_native when libyaml is present
* yaml_load and yaml_dump, instead of safe_*
* re-use HAS_LIBYAML from utils.yaml
* add changelog fragment
* Address recent changes
* Use representer instead of recursive type converter
* Restore needed import
* move yaml utils to module_utils
* Properly guard imports
* Update from_yaml(_all)? to handle text wrappers with CSafeLoader
* Use yaml utils for legacy_collection_loader
* Add HAS_YAML, and ignore pylint issue
* oops
* GPL->BSD
* Map Debian 8 to Python 2
If Python 3 is installed on Debian 8 Ansible cannot run, as the version
is too old (3.4)
* Add integration test for python interpreter discovery on Debian 8
* fix test issue on Debian 9, add changelog
* un"fix" not broken test :D
Co-authored-by: Fabian Klemp <fabian.klemp@elara-gmbh.de>
Co-authored-by: Matt Davis <mrd@redhat.com>
* Add ArgumentSpecValidator to docs
* Improve docs for ArgumentSpecValidator
* Document removal of private methods
* Update module_utils documentation
- Add docs for argument spec classes as well as validation and parameters files.
- preserve the order in the source for errors.py
- document DEFAULT_TYPE_VALIDATORS so it can be referenced elsewhere
- fix automodule directive for validation.py
* Update docs in arg_spec and paremeters
- This improves the generated documentation.
* Document breaking changes in porting guide.
* Update formatting in porting guide and add a Deprecated section
* Fine tune module_utils documentation
* Move instance docstring to the __init__ method
Remove optional description since it fails the sanity test and I am not 100% it is valid anyway.
* Remoe incorrect parameter from docstring
This was changed a while ago but wasn't removed from the docstring.
* Use attr rather than attribute
The py:attribute: domain only exists in newer Sphinx >= 3.1.
* Improve documentation on exceptions
* Final pass
- use args/kwargs instead of param
- fix formatting errors that didn't display examples correctly
- format TypeErrors so they are referenced as classes
- specify complex types
* Add umask option to user module
* Fail on setting both umask and local: True
* Add integration test
* Add changelog
* Run integration tests only if HOME_MODE is not set
* Run integration tests only on Linux
Co-authored-by: Matt Clay <matt@mystile.com>
Change:
- Newer Solaris drops setfacl. Add a fallback for its chmod ACL syntax.
Test Plan:
- New units
Tickets:
- Fixes#74282
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Regression introduced in #70785
- When macOS chmod ACL syntax is used, Solaris-derived chmods return
with a status of 5. This is also used for our sshpass handling,
because sshpass will return 5 on auth failure. This means on Solaris,
we incorrectly assume auth failure when we reach this branch of logic
and try to run chmod with macOS syntax.
- We now wrap this specific use of chmod in an exception handler that
looks for AnsibleAuthenticationFailure and skips over it. This adds
another authentication attempt (something we normally avoid to prevent
account lockout), but seems better than the regression of not allowing
other fallbacks to be used.
- Without this patch, if setfacl fails on Solaris (and sshpass is used),
we do not try common_remote_group or world-readable tmpdir fallbacks.
Test Plan:
- New unit
Signed-off-by: Rick Elrod <rick@elrod.me>
* Handle netconf plugin ncclient import error when running in FIPS mode
* While running in FIPS mode importing ncclient result in
InternalError raised by cryptography
* Refer https://github.com/ansible/ansible/pull/65477
This simplifies rendering the hostname (or hostname+delegated host) in
the default callback module, and reduces code duplication
I've chosen not move where in each handler the host label is rendered,
in case subsequent operations has side effects. However I'm happy to
change that if considered safe.
I've chosen not to change the formatting operator used (%), to avoid
changes in rendering that might result.
Signed-off-by: Alex Willmer <alex@moreati.org.uk>
Change:
- We were passing a directory name directly to re.compile().
If the directory isn't valid regex (or is) this can have odd side
effects, such as crashing.
- Fix a few other similar cases, but less likely to be a real issue.
Test Plan:
- New test
Signed-off-by: Rick Elrod <rick@elrod.me>
* Catch errors getting filters, and fail
* Add changelog
* Switch to warnings instead of errors, to match other plugin loader behavior
* Add tests
* Handle collections
Martin Krizek